Package: asterisk / 1:1.6.2.9-2+squeeze12

Metadata

Package: asterisk
Version: 1:1.6.2.9-2+squeeze12
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
parser mangles include | (download)

main/config.c | 25 9 + 16 - 0 !
1 file changed, 9 insertions(+), 16 deletions(-)

 change the way that we read include files, to accommodate changes in gcc 4.4
allow tilde destdir | (download)

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 relax badshell tilde test
hack multiple app voicemail | (download)

Makefile.moddir_rules | 2 1 + 1 - 0 !
apps/Makefile | 18 18 + 0 - 0 !
apps/app_voicemail.c | 3 3 + 0 - 0 !
3 files changed, 22 insertions(+), 1 deletion(-)

 build multiple versions of app_voicemail.so
make clean fixes | (download)

Makefile | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 don't remove sounds on dist-clean
safe_asterisk config | (download)

contrib/scripts/safe_asterisk | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use /etc/default/settings for configuring safe_asterisk (vendor specific)
safe_asterisk nobg | (download)

contrib/scripts/safe_asterisk | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 add an option to safe_asterisk so that it won't background.
h323 no deps on asterisk | (download)

main/Makefile | 11 0 + 11 - 0 !
1 file changed, 11 deletions(-)

 avoid linking the asterisk binary with the h.323 libraries
h323 workaround openh323 segfault | (download)

main/loader.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 hack dynamic loader to work around libopenh323 bug
astgenkey security | (download)

contrib/scripts/astgenkey | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 astgenkey should generate a private key that is not world-readable
dahdi fxsks hookstate | (download)

channels/chan_dahdi.c | 32 17 + 15 - 0 !
1 file changed, 17 insertions(+), 15 deletions(-)

 allow fxo channels to send out calls even before someone calls in through them
dahdi_ptmp_nt | (download)

channels/chan_dahdi.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 give dahdi ptmp nt mode a shot
dahdi_pri_debug_spannums | (download)

channels/chan_dahdi.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 print span number (when available) on pri trace messages
sound_files | (download)

sounds/sounds.xml | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 avoid downloading extra sound files
moh_datadir | (download)

res/res_musiconhold.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 install moh files under datadir
settings_show_dirs | (download)

main/asterisk.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 make 'core show settings' show all settable directories
h323 extra target | (download)

Makefile | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 allow manually generating channels/h323/makefile.ast
man_hyphen | (download)

contrib/scripts/astgenkey.8 | 15 7 + 8 - 0 !
contrib/scripts/autosupport.8 | 2 1 + 1 - 0 !
contrib/scripts/safe_asterisk.8 | 4 2 + 2 - 0 !
doc/asterisk.8 | 94 47 + 47 - 0 !
4 files changed, 57 insertions(+), 58 deletions(-)

 fix hyphen vs. minus in man pages
typos | (download)

apps/app_voicemail.c | 2 1 + 1 - 0 !
channels/chan_dahdi.c | 6 3 + 3 - 0 !
channels/chan_iax2.c | 2 1 + 1 - 0 !
channels/chan_sip.c | 6 3 + 3 - 0 !
res/res_agi.c | 4 2 + 2 - 0 !
5 files changed, 10 insertions(+), 10 deletions(-)

 fix typos reported by lintian

Also an extra typo fixed in r278934.

rtcp_cli_fix | (download)

main/rtp.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix rt(c)p set debug ip taking wrong argument
AST 2011 001 | (download)

main/utils.c | 27 13 + 14 - 0 !
1 file changed, 13 insertions(+), 14 deletions(-)

 prevent buffer overflows in ast_uri_encode()
AST 2011 002 | (download)

main/udptl.c | 48 21 + 27 - 0 !
1 file changed, 21 insertions(+), 27 deletions(-)

 multiple array overflow and crash vulnerabilities in udptl code
manager_bugfix_reload | (download)

main/manager.c | 30 21 + 9 - 0 !
1 file changed, 21 insertions(+), 9 deletions(-)

 properly reset default manager.conf values on reload

Fixes a bug in manager.c where the default configuration values weren't
reset when the manager configuration was reloaded.

This is a simple bugfix required for cleanly applying AST-2011-005.

AST 2011 003 | (download)

main/manager.c | 15 10 + 5 - 0 !
1 file changed, 10 insertions(+), 5 deletions(-)

 resource exhaustion in asterisk manager interface
AST 2011 004 | (download)

main/tcptls.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 remote crash vulnerability in tcp/tls server
AST 2011 005 | (download)

configs/manager.conf.sample | 11 11 + 0 - 0 !
main/manager.c | 76 73 + 3 - 0 !
2 files changed, 84 insertions(+), 3 deletions(-)

 limit the number of unauthenticated manager sessions and their time
Bug: https://issues.asterisk.org/view.php?id=18996
AST 2011 005 p2 | (download)

channels/chan_sip.c | 162 156 + 6 - 0 !
channels/chan_skinny.c | 78 74 + 4 - 0 !
configs/http.conf.sample | 5 5 + 0 - 0 !
configs/sip.conf.sample | 10 10 + 0 - 0 !
configs/skinny.conf.sample | 9 9 + 0 - 0 !
main/http.c | 15 15 + 0 - 0 !
6 files changed, 269 insertions(+), 10 deletions(-)

 limits unauthenticated tcp sessions
AST 2011 006 | (download)

main/manager.c | 34 19 + 15 - 0 !
1 file changed, 19 insertions(+), 15 deletions(-)

 check for "system" privilege in the manager interface

This fix adds the missing test (added in a later version, though apparently
in a slightly wrong location) for the "system" write permissions in case
a manager user attempts to execute an action that may eventually execute
a shell command.

Note that:
1. In order to exploit this one must already have gained authenticated access to
   the manager interface with some sort of write access.
2. Asterisk is never run as root in Debian (if you use the standard init.d
   script), which slightly reduces the impact of this.
3. Many poorly-written sample manager.conf config files just give any
   manager user all privileges. There's all too big a chance the manager
   user already has the 'system' write priv (write=system in manager.conf).

See also:
  http://downloads.asterisk.org/pub/security/AST-2011-006.html


AST 2011 008 | (download)

channels/chan_sip.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 addresses ast-2011-008, memory corruption and remote crash in sip driver.

If a remote user sends a SIP packet containing a null, Asterisk assumes
available data extends past the null to the end of the packet when the
buffer is actually truncated when copied.  This causes SIP header parsing
to modify data past the end of the buffer altering unrelated memory
structures.  This vulnerability does not affect TCP/TLS connections.

CVE: CVE-2011-2529
See also http://downloads.asterisk.org/pub/security/AST-2011-008.html


AST 2011 010 | (download)

channels/chan_iax2.c | 14 13 + 1 - 0 !
main/features.c | 15 12 + 3 - 0 !
2 files changed, 25 insertions(+), 4 deletions(-)

 addresses ast-2011-010, crash due to dereferencing a remote pointer

A memory address was inadvertently transmitted over the network via
IAX2 in an option control frame, and the remote party would try to access it.

CVE: CVE-2011-2535
See also: http://downloads.asterisk.org/pub/security/AST-2011-010.html

AST 2011 011 | (download)

channels/chan_sip.c | 17 6 + 11 - 0 !
1 file changed, 6 insertions(+), 11 deletions(-)

 [patch] merged revisions 325275 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r325275 | twilson | 2011-06-28 15:03:19 -0500 (Tue, 28 Jun 2011) | 2 lines

  Don't leak SIP username information
........


chan_sip_hotfix_for_AST 2011 005 p2 | (download)

channels/chan_sip.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make sure tcptls_session exists before dereferencing it.
fix_bridging_crash | (download)

main/bridging.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 pthread_join to assure the thread is really gone
Bug: https://issues.asterisk.org/view.php?id=15465
AST 2011 013 | (download)

CHANGES | 12 12 + 0 - 0 !
channels/chan_sip.c | 34 22 + 12 - 0 !
configs/sip.conf.sample | 17 9 + 8 - 0 !
3 files changed, 43 insertions(+), 20 deletions(-)

 default to nat=yes; warn when nat in general and peer differ
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-18862
AST 2011 014 | (download)

channels/chan_sip.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

---
AST 2012 002 | (download)

apps/app_milliwatt.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
AST 2012 004 | (download)

main/manager.c | 33 30 + 3 - 0 !
1 file changed, 30 insertions(+), 3 deletions(-)

 ast-2012-004: further ami permission fixes
AST 2012 004 MixMonitor | (download)

main/manager.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] ami originate: forbid mixmonitor as well

Add MixMonitor to the list of patterns that detect a "system"
command that is forbidden to a simple "originate"-level
Originate.

Should have been included in AST-2012-004 but seems to have been lost in
the backporting.

AST 2012 005 | (download)

channels/chan_skinny.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 ast-2012-005: chan_skinny: heap overflow in keypad button handling

When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue.  When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue.  The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun.  This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.

This issue can only be exploited with a registered Skinny phone (configured
in e.g. skinny.conf).

See Also: http://downloads.asterisk.org/pub/security/AST-2012-005.html

Reported by: Russell Bryant


AST 2012 007 | (download)

channels/chan_iax2.c | 30 20 + 10 - 0 !
1 file changed, 20 insertions(+), 10 deletions(-)

 fix iax receiving hold without suggested moh class crash.
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19597
skinny_fix_16040 | (download)

channels/chan_skinny.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 [patch] only assign line and device in handle_transfer_button when
 we have a subchannel.

Simple and minor bug fix required for applying AST-2012-008.

AST 2012 008 | (download)

channels/chan_skinny.c | 44 40 + 4 - 0 !
1 file changed, 40 insertions(+), 4 deletions(-)

 [patch] ast-2012-008: remote crash issue in chan_skinny
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19905
AST 2012 010 | (download)

channels/chan_sip.c | 57 47 + 10 - 0 !
1 file changed, 47 insertions(+), 10 deletions(-)

 possible resource leak on uncompleted re-invite transactions
AST 2012 012 | (download)

README-SERIOUSLY.bestpractices.txt | 51 51 + 0 - 0 !
main/manager.c | 1 1 + 0 - 0 !
2 files changed, 52 insertions(+)

 ast-2012-012: ami user shell access with externalivr